


The whole thing makes me uncomfortable and here's why. If an attacker got control of the registrar user account notion has, they could change the dns records for notion.so to their own server, which would then return that notion.so runs on a different IP address. That information of what the nameservers are is passed to nic.so from the registrar.

Then nic.so says notion.so records are (currently) handled by cloudflare (specifically woz.ns. and dana.ns.), who then responds with individual records (like pointing to 104.25.152.102). In this case, they know that nic.so runs. Those nameservers would then point to a different server than notion’s actual servers.

Basically, DNS root servers run by universities, Verizon, the military, and a few other orgs are responsible for knowing who runs various TLDs. So if someone got control of that domain (say for example through social engineering. Calling the registrar and saying they couldn’t get into their account and they were from notion etc etc), they could change the name servers from cloudflare to their own. The registrar is only responsible for telling the authoritative nameserver for a TLD (like .so) what name servers are authoritative for a specific domain (like notion.so).

; <<>> DiG 9.11.3-1ubuntu1.7-Ubuntu <<>> +trace notion.so A
Your computer/nameserver only knows how to query Cloudflare for notion.so because sonic's DNS servers told it so. If 'hackers are taking over the nameservers of cloudflare', half of the internet is at risk.
Their password system is strange also (at least: not academic "for greater security"), with no support of 2FA (they consider that sending by email the password is 2FA? Really?).

And finally and most importantly, notion.so's nameservers are run by Cloudflare - not sonic. I think that Notion should really implement security - their product is extremely great but I am concerned about the confidentiality. What are the risks? It should not be difficult for an experimented hacker to trick/hack SONIC and potentially to takeover the NS servers for notion.so. Of course, it does not support SSL.

Finally, the sonic.so website is a poorly configured WordPress, with directory listing enabled (!!): I don't know how things are organized in Somali but it is not very trusty.

I am a bit concerned about the security of Notion. I think they did a bad move to host everything with the .SO top level domain name, which is the TLD of Somali. For an app which is hosting potentially a lot of confidential and private information, this is a concern I think.

According to my research, the .so TLD is managed by an organization called SONIC (Somali Network Information Center). I went on their website (sonic.so), and I immediately noticed that their SSL certificate is expired: I looked for their postal address to go to Google Street View, just out of curiosity. Problem: they have only a PO box, without any postal address associated.
